US10356105B2ActiveUtilityA1
Smart authentication friction level adjusted based on circumstances
Assignee: MICROSOFT TECHNOLOGY LICENSING LLCPriority: Jun 14, 2016Filed: Jun 14, 2016Granted: Jul 16, 2019
Est. expiryJun 14, 2036(~9.9 yrs left)· nominal 20-yr term from priority
G06F 2221/2137H04L 63/08G06F 2221/2111H04L 63/107G06F 21/316H04W 12/06H04L 63/108H04W 12/065H04W 12/069
66
PatentIndex Score
1
Cited by
23
References
20
Claims
Abstract
Granting a validation period. A method includes receiving user input providing one or more authentication factors. The method further includes receiving information about one or more authentication scales. Based on the strength of the authentication factors received from the user and the information about the one or more authentication scales, the method further includes determining a validation period. The method further includes granting or revoking the validation period to the user.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1. A computer system comprising:
one or more processors; and
one or more computer-readable hardware storage devices having stored thereon instructions that are executable by the one or more processors to configure the computer system to grant a validation time-period for access to the computer system, including instructions that are executable to configure the computer system to perform at least the following:
receive, at the computer system, one or more environmental sensor signals;
compute, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
determine, at the computer system, that the adversity quotient meets an adversity quotient threshold;
based at least on determining that the adversity quotient threshold has been met, present a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
based on the strength of the at least one of the plurality of different authentication factors received from the user input, determine, at the computer system, the length of validation time-period, during which time-period the user has access to the computer system; and
grant the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
2. The computer system of claim 1 , wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.
3. The computer system of claim 1 , wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to smooth rules from the one or more authentication scales at one or more smoothing zones.
4. The computer system of claim 1 , wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, shorten the validation time-period, wherein triggering the tipping factor occurs when the computing system identifies that a change has occurred to the adversity quotient at least based on a change to the one or more environmental sensor signals.
5. The computer system of claim 1 , wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, revoke the validation time-period.
6. The computer system of claim 1 , wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to identify that a tipping factor has been triggered, and as a result, require one or more stronger authentication factors from the user.
7. The computer system of claim 1 , wherein the one or more computer-readable hardware storage devices further have stored thereon instructions that are executable by the one or more processors to configure the computer system to automatically re-compute at least one authentication scale using machine learning.
8. The computer system of claim 1 , wherein information about the one or more authentication scales comprises rules specifying time of day ranges.
9. The computer system of claim 1 , wherein information about the one or more authentication scales comprises rules specifying locations.
10. A method, implemented at a computer system that includes one or more processors, of granting a validation time-period for access to the computer system, the method comprising:
receiving, at the computer system, one or more environmental sensor signals;
computing, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
determining, at the computer system, that the adversity quotient meets an adversity quotient threshold;
based at least on determining that the adversity quotient threshold has been met, presenting a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
based on the strength of the at least one of the plurality of different authentication factors received from the user input, determining, at the computer system, the length of the validation time-period, during which time-period the user has access to the computer system; and
granting the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
11. The method of claim 10 , wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.
12. The method of claim 10 further comprising smoothing rules from the one or more authentication scales at one or more smoothing zones.
13. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, shortening the validation period.
14. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, revoking the validation period.
15. The method of claim 10 further comprising identifying that a tipping factor has been triggered, and as a result, requiring one or more stronger authentication factors from the user.
16. The method of claim 10 further comprising automatically re-computing an authentication scale using machine learning.
17. The method of claim 10 , wherein information about the one or more authentication scales comprises rules specifying time of day ranges.
18. The method of claim 10 , wherein information about the one or more authentication scales comprises rules specifying locations.
19. A computer program product comprising one or more computer-readable hardware storage devices having stored thereon instructions that are executable by one or more processors to configure a computer system to grant a validation time-period for access to the computer system, including instructions that are executable to configure the computer system to perform at least the following:
receive, at the computer system, one or more environmental sensor signals;
compute, at the computer system, an adversity quotient at least based on the one or more environmental sensor signals;
determine, at the computer system, that the adversity quotient meets an adversity quotient threshold;
based at least on determining that the adversity quotient threshold has been met, present a user with a prompt to provide at least one of a plurality of different authentication factors that are each valid at the adversity quotient threshold for accessing the computer system;
identify, at the computer system, one or more authentication scales that rank a strength of each of the plurality of different authentication factors, wherein the strength of each of the plurality of different authentication factors is usable to determine a length of a validation time-period, the length of the validation time-period being longer for a more strongly-ranked authentication factor than it is for a more weakly-ranked authentication factor;
receive, at the computer system, a user input providing the at least one of the plurality of different authentication factors;
determine, at the computer system, the strength of the at least one of the plurality of different authentication factors received in the user input;
based on the strength of the at least one of the plurality of different authentication factors received from the user, determine, at the computer system, the length of the validation time-period, during which the user has access to the computer system; and
grant the user access to the computer system for the length of the validation time-period, avoiding re-computing at least the adversity quotient during the validation time-period.
20. The computer program product of claim 19 , wherein the one or more authentication scales comprises information about a user scale comprising weights and rules configured by a computing system user, a service scale comprising weights and rules provided by a computing service, and an enterprise scale comprising rules and weights provided by an enterprise.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.